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IS Responsive to communication(s) filed on Mar 21. 1999 

□ This action \k FINAL 

□ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed 
in accordance with the practice under Ex parte QuQfl&35 CD. 11; 453 O.G. 213. 

A shortened statutory period for response to this action is set to expire 3_ month(s), or thirty days, whichever is 
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37 CFR 1.136(a). 
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DETAILED ACTION 



This action is in response to Applicant's amendment and reconsideration filed on March 21 , 2000. 



1. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless — 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371© of this title before the invention 
thereof by the applicant for patent. 



2. Claims 1, 7-9, 14-15, 21-23, and 28-31 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Ensor et al. (U.S. Patent No. 5,721,780, hereinafter "Ensor"). 

In considering claims 1,15, and 31, Ensor discloses a system for a computer-implemented 
method, comprising: 

checking a first memory (126) to determine if a user has previously accessed a resource on 
a computer network (col. 5, lines 10-12, 54-60; note: previous access is determined according to 
whether or not memory 126 returns a password - see col. 5, lines 54-58) upon receipt of an 
indication from the user to access the resource (col. 2, lines 43-47); and 

providing the user with access to the resource if the first memory indicates that the user 
has previously accessed the resource (col. 6, lines 1-6; note: according to Ensor, provision of 
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access only occurs if that password matches a submitted password (col. 6, lines 1-3). While this 
step may seem to impose a further limitation over the claim, thus rendering it different from the 
claimed invention, the step is intended to ensure that only users who have authentically gained 
previous access can obtain subsequent access. Therefore, while the cited passage includes an 
extra authentication step, it still encompasses all steps of the present limitation). 

In considering claims 7 and 21, Ensor further discloses the resource being a file (col. 6, 
lines 3-5). 

In considering claims 8 and 22, Ensor further discloses the resource being volume of files 
(col. 3, lines 30-3 1; wherein "databases" is a volume of files). 

In considering claims 9 and 23, Ensor further discloses the resource being a memory 
device (col. 3, lines 30-31). 

In considering claims 14 and 28, Ensor further discloses the request from the user 
indicating an operation to perform with respect to the resource (col. 6, line 5, wherein 
"downloading requested software" comprises indicating an operation to perform with respect to 
the resource) including: 
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checking the first memory to determine if the user may perform the operation with respect 
to the resource (col. 5, lines 54-60; the user may perform the operation if the first memory 
indicates that the user is authorized to access the resource); 

checking a second memory (1 12) to determine if the user may perform the operation with 
respect to the resource if the first memory does not indicate that the user may perform the 
operation with respect to the resource (col. 5, lines 8-17); 

providing the user with access to the resource if the second memory indicates that the user 
may perform the operation with respect to the resource (col. 5, lines 22-27, 32-35; if no password 
match is found in the second memory, then the user may perform the operation with respect to the 
resource); and 

storing information in the first memory indicating that the user may perform the operation 
with respect to the resource if, after checking the second memory, the second memory indicates 
that the user may perform the operation with respect to the resource (col. 5, lines 27-32). 

In considering claims 29 and 30, Ensor further discloses: 

checking a second memory (1 12) to determine if the user may access the resource if the 
first memory does not indicate that the user has previously accessed the resource (col. 5, lines 8- 
17); 
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providing the user with access to the resource if the second memory indicates that the user 
may access the requested resource (col. 5, lines 22-27, 32-35; if no password match is found in 
the second memory, then the user may access the resource); and 

storing information in the first memory indicating that the user may access the resource if, 
after checking the second memory, the second memory indicates that the user may access the 
requested resource (col. 5, lines 27-32). 



3. Claims 3-4, 10-13, 17-18, 24-27, and 32-33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ensor. 

In considering claims 3 and 17, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to explicitly disclose representing the user in the first 
memory by a token. However, the system taught by Ensor does disclose representing the user 
with a password, and a person having ordinary skill in the art would have readily recognized that a 
token is merely one possible representation of a password. Thus it would have been obvious to 
use a token as the password to represent the user in the network access system taught by Ensor, 
so that the password could have a predictable, set amount of bits. 



Claim Rejections - 35 USC §103 



In considering claims 4 and 18, Ensor further discloses the password, (which could be a 
token, as discussed above) also representing a plurality of other users (col. 6, lines 10-16). 
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In considering claims 10 and 24, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to explicitly disclose storing of the information in the first 
memory comprising overwriting other information associated with the resource in the first 
memory. Nonetheless, it is well known in a network resource access system that information 
relating to access rights can be overwritten if access rights to the system should change. Further, 
Ensor discloses the possibility that information stored in the first memory could be tampered with, 
thus causing authentication problems within the network (col. 5, lines 60-65). Therefore, given 
the likelihood of tampering, it would have been obvious to a person having ordinary skill in the art 
to overwrite the tampered information with correct information submitted from the users to 
remedy the faulty authentication situation. 

In considering claims 12 and 26, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to disclose removing indications from the first memory 
allowing access to the resource if the resource is altered. Nonetheless, removing access privileges 
to a resource after changes have occurred in a network is well known. Thus, it would have been 
obvious to a person having ordinary skill in the art to remove indications allowing access to the 
resource, in case the resource is altered to include classified information which should not be 
viewed by current users. 
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In considering claims 13 and 27, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to disclose removing indications from the first memory 
allowing access to the resource if rights to the user are altered. Nonetheless, removing user 
access privileges to a resource in a network is well known. Thus, it would have been obvious to a 
person having ordinary skill in the art to remove indications allowing access to the resource in 
case a user who acts irresponsibly or who changes jobs should no longer have access to classified 
information. 

4. Claims 5, 19, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ensor in view of Teper et al. (U.S. Patent no. 5,815,665, hereinafter "Teper"). 

In considering claims 5 and 19, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to disclose the tokens representing anonymous users. 
Nonetheless, representing anonymous users with tokens in a network user access system is well 
known, as evidenced by Teper. In a similar art, Teper discloses a network user access system 
wherein a token in a first memory ("security system 64C") is checked to determine whether users 
are allowed access to a system (col. 15, lines 35-51) and wherein the tokens represent anonymous 
users (col. 5, lines 33-37; col. 6, lines 42-44). A person having ordinary skill in the art would 
have readily recognized the desirability and advantages of representing users of the system taught 
by Ensor, anonymously, as taught by Teper, in order to protect user identities by allowing 
anonymous use over a completely untrusted public network such as the Internet (see Teper, col. 
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7, lines 2-3). Therefore, it would have been obvious to allow anonymous user access, as taught 
by Teper in the user resource access system taught by Ensor. 

In considering claim 20, Teper further discloses authorizing the user by checking a 
password provided by the user, and associating the token with the user after authorizing the user 
(col. 15, lines 21-45). Teper then further discloses using the token to check a memory area for 
access rights (col. 15, lines 41-42). It would have been obvious to a person having ordinary skill 
in the art to include a password for authorization in addition to a token for access rights, as 
taught by Teper, instead of using only a single password (or token) signifying both authorization 
and access rights, as taught by Ensor, because having two separate security measures decreases 
the likelihood of unauthorized access by keeping usernames and passwords unknown to the 
resource being requested (see Teper - Abstract). 

5. Claims 1 1 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ensor, 
in view of Brown et al. (U.S. Patent No. 5,941,947, hereinafter "Brown"). 

In considering claims 1 1 and 25, although the system taught by Ensor discloses substantial 
features of the claimed invention, it fails to disclose writing a token for the user in the first 
memory over another token for another user that had last previous access to the resource. 
Nonetheless, overwriting information related to access rights in a network system is well known, 
as evidenced by Brown. In a similar art, Brown describes a network access control system, 
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wherein access rights to network resources are stored in a cache, and wherein a machine 
containing access rights cache contains cache flushing structures which monitor certain activities 
to determine when a user-specific access rights list may be overwritten in the cache (col. 28, lines 
46-50). Furthermore, the system taught by Brown also describes one method of overwriting data 
in the cache including a least-recently-used monitor to determine which access rights to overwrite 
(col. 28, lines 50-57). Although the method disclosed by Brown cites a least-recently-used cache 
dump, while the claimed invention discloses a last-previously-accessed overwriting process, the 
use of any time-dependent access-rights replacement algorithm would have been an obvious 
modification to the system taught by Ensor in order to open up storage space in the access-rights 
memory in case the memory has become full. 

6. Claims 32-33 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ensor, in 
view of the admitted prior art. 

In considering claim 32, although the system taught by Ensor discloses substantial features 
of the claimed invention, it fails to disclose opening the requested resource to determine if the 
user may access the requested resource if the memory does not indicate that the user has 
previously accessed the resource, and providing the user with access to the requested resource if 
the requested resource indicates that the user may access the requested resource. Nonetheless, 
the step of opening a requested resource to determine if a user may access the resource, and 
providing the user with access to the requested resource if the resource indicates that the user 
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may access the resource is well known, as admitted in the "statement of the problem" section of 
the present application (see page 2, line 30 - page 3, line 5). A person having ordinary skill in the 
art would have readily recognized the desirability and advantages of instead of determining 
authentication by accessing the service bureau's internal database (112) after first checking a first 
memory (126) as taught by Ensor, determining authentication by directly accessing and opening 
the resource, as is admittedly well known, after first checking the first memory, as taught by 
Ensor, because although the latter method of opening the resource may consume a great deal of 
CPU time, as admitted in the specification, it is a more direct method that avoids the necessity of 
employing an extra "middle-ware" device. 

In considering claim 33, Ensor further discloses storing information in the memory 
indicating that the user has previously accessed the requested resource (col. 5, lines 54-60). 



7. Applicant's arguments with respect to claims 1-33 have been considered but are moot in 
view of the new ground(s) of rejection. 



Response to Arguments 
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Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicants 
disclosure. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Bradley Edelman whose telephone number is (703) 306-3041 . The 
examiner can normally be reached on Monday to Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glen Burgess, can be reached on (703) 305-4792. The fax phone number for the organization 
where this application or proceeding is assigned is (703) 305-7201. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 308-3900. 




May 26, 1999 



